* Advisory ID: DRUPAL-SA-CONTRIB-2009-056 * Project: Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API (third-party modules) * Version: 5.x, 6.x * Date: 2009 Sept 9 * Security risk: Critical * Exploitable from: Remote * Vulnerability: Multiple vulnerabilities
-------- DESCRIPTION ---------------------------------------------------------
Multiple vulnerabilities have been found in the following modules which have been abandoned. Their releases have been unpublished and it is recommended that they be disabled and un-installed if in use. -------- MODULES -------------------------------------------------------------
* Node2Node [1] * Node Browser [2] * Subdomain Manager [3] * Quota by role [4] * Rest API [5]
Drupal core is not affected. If you do not use any of these contributed modules, there is nothing you need to do. -------- SOLUTION ------------------------------------------------------------
There is no solution available. It is recommended that you disable any of the vulnerable modules if they are in use on your site. -------- CONTACT -------------------------------------------------------------
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
[1] http://drupal.org/project/node2node [2] http://drupal.org/project/node_browser [3] http://drupal.org/project/subdomain_manager [4] http://drupal.org/project/quota_by_role [5] http://drupal.org/project/restapi